PHI Security

Supporting hospitals in the mitigation of legal and financial risk associated with the protection and securement of PHI

Under the US Health Insurance Portability and Accountability Act (HIPAA), protected health information (PHI) identifiers must be treated with special care. The HIPAA Standards for the Protection of Electronic Protected Health Information require security measures to be in place to ensure electronic PHI is appropriately safeguarded.

Protecting the patient’s needs and safety is at the core of everything hospitals do, but health information breaches are unfortunately frequent. In the past two years, 94% of US hospitals have leaked data, resulting in an average cost of $2.4 million for the breached organization.

Hospitals demand an integrated, safe way of delivering patient-centered care, utilizing healthcare IT to improve clinical outcomes while protecting data. PHI is highly valued and therefore vulnerable to unauthorized disclosure, such as when information is displayed openly on a computer screen or data left on an endpoint falls into unauthorized hands. User names and passwords left in open areas become susceptible to theft by outside sources seeking to acquire patient data illegally. Security measures must be implemented to permit only authorized users to access electronic health information in an appropriately secure manner.

Workarounds to the logon/logoff processes designed to protect this information are unfortunately common, as clinicians are frequently required to abandon any particular workstation at a moment’s notice to care for a patient in dire need. Time-strained clinicians need to avoid losing unsaved data and long wait times to return to a previous session in an EMR. Some hospitals have attempted single sign-on (SSO) to increase speed of access, but still struggle with data that is easily breached, even if this data is encrypted.

Aventura provides an additional layer to enterprise security. This layer validates users in association with a device prior to direct interaction with standard enterprise authentication and security. With this extra security, Aventura supports hospitals in mitigating the legal and financial risk associated with the protection of PHI, as well as in demonstrating HIPAA compliance.

  • Enhanced Clinical Context guards against unauthorized use and disclosure of PHI by:
    • Prompting the user with the correct patient name to lessen the risk of patients seeing another’s chart during clinical care
    • Providing a direct and easy way for a nurse or other clinician to find the record she needs, enabling documentation at the point of care in two clicks
  • Session timeouts control data security by:
    • Disconnecting the provider’s session after a short period of time, but leaving the ability to tap back in and retrieve the same session
    • Logging off the desktop after a period of inactivity and regenerating a fresh desktop at the next tap
  • The patient data itself remains in a centralized data center to prevent endpoint data breach
  • Two-factor authentication prevents password theft by pairing a physical card with a memorized PIN or password
    • Pairing something a clinician has with something they know enhances user access control in a roaming environment
    • EMR password saved via Aventura Speed Pass to prevent manual re-entry
  • Upon tap out, the clinician’s session is immediately disconnected and secured. All of the information and appropriate applications are presented to the clinician upon re-authentication.
  • Patient charts and applications are launched/hidden/minimized/maximized based on user, group, workstation, and/or location.